[ https://issues.apache.org/jira/browse/METRON-903?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15991326#comment-15991326 ]
ASF GitHub Bot commented on METRON-903:
---------------------------------------

Github user james-sirota commented on the issue:

https://github.com/apache/incubator-metron/pull/556

Just spun up the dashboard. The YAF portion is correct. The YAF sensor produces flow information from A to B and you produce a table that counts and orders them.

Bro is almost correct. Bro produces HTTP and DNS metadata for us. So you need to differentiate by protocol. In case of Bro-DNS your dashboard should say top DNS requests. In case of Bro-HTTP your dashboard should say top HTTP requests.

Snort is an IDS that produces alerts. So your dashboard should say top number of generated alerts.

One thing that would be useful here is to add a second dashboard for YAF that would give me a histogram for a connection of my choice. For example, your top connection is 192.168.66.1->192.168.66.121 | 867. If I could have a second follow-up dashboard where I could have 4 boxes: sourceIP, destIP, TimeBinSize, HowFarToReachBack. An example use would be that I would take the top connection and do the following: SourceIP=192.168.66.1, DestIP=192.168.66.121, TimeBinSize=5 mins, HowFarToReachBack=3 hours. Then it draws a histogram of the top connection for me in 5 min increments reaching back 3 hours.

> Create a connections report in Zeppelin
> ---------------------------------------
>
>                 Key: METRON-903
>                 URL: https://issues.apache.org/jira/browse/METRON-903
>             Project: Metron
>          Issue Type: New Feature
>            Reporter: Justin Leet
>            Assignee: Justin Leet
>
> User types in range into a search box
> System generates connections report:
> IP(A) -> IP(B) : # of times

--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
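The two YAF views discussed in the thread above, as an added example in plain Python (not Metron's code and not the notebook from PR 556): a top-connections table in the IP(A) -> IP(B) : count shape over a user-supplied time range, and the follow-up histogram for one chosen source/destination pair in fixed time bins reaching back a given number of hours. The flow records are constructed for the example, NOW_MS is an arbitrary fixed instant so the output is deterministic, and the field names (ip_src_addr, ip_dst_addr, timestamp in epoch milliseconds) are assumed to follow Metron's enriched-message convention.

```python
"""Connections report logic for YAF flow records.

Added example, not Metron's own code. Field names (ip_src_addr,
ip_dst_addr, timestamp in epoch ms) are assumed to match Metron's
enriched messages; SAMPLE_FLOWS and NOW_MS are constructed test data.
"""
from collections import Counter
from typing import Dict, List, Tuple

MINUTE_MS = 60_000
HOUR_MS = 60 * MINUTE_MS

# Constructed sample: a fixed reference "now" and a handful of YAF-style flows.
NOW_MS = 1_493_600_000_000
SAMPLE_FLOWS: List[Dict] = (
    # Busy pair: 6 flows spread over the last 3 hours, with quiet gaps.
    [{"ip_src_addr": "192.168.66.1", "ip_dst_addr": "192.168.66.121",
      "timestamp": NOW_MS - m * MINUTE_MS} for m in (2, 4, 12, 13, 100, 170)]
    # Quieter reverse pair inside the window.
    + [{"ip_src_addr": "192.168.66.121", "ip_dst_addr": "192.168.66.1",
        "timestamp": NOW_MS - m * MINUTE_MS} for m in (7, 30)]
    # A flow 5 hours old: outside a 3-hour reach-back, must not be counted.
    + [{"ip_src_addr": "192.168.66.1", "ip_dst_addr": "192.168.66.121",
        "timestamp": NOW_MS - 5 * HOUR_MS}]
)


def top_connections(flows, start_ms, end_ms) -> List[Tuple[Tuple[str, str], int]]:
    """Count flows per (src, dst) pair with start_ms <= timestamp < end_ms.

    Returns ((src, dst), count) rows ordered by count descending, then by
    the pair itself so equal counts keep a stable order.
    """
    counts = Counter(
        (f["ip_src_addr"], f["ip_dst_addr"])
        for f in flows
        if start_ms <= f["timestamp"] < end_ms
    )
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def connection_histogram(flows, src, dst, bin_minutes, reach_back_hours, now_ms):
    """Bucket flows for one src->dst pair into fixed bins ending at now_ms.

    The window is [now_ms - reach_back, now_ms). Every bin is emitted,
    including empty ones, so a quiet period shows as zero instead of
    vanishing from the plot. Returns [(bin_start_ms, count), ...],
    oldest bin first.
    """
    if bin_minutes <= 0 or reach_back_hours <= 0:
        raise ValueError("bin size and reach-back must be positive")
    bin_ms = bin_minutes * MINUTE_MS
    window_ms = reach_back_hours * HOUR_MS
    start_ms = now_ms - window_ms
    n_bins = -(-window_ms // bin_ms)  # ceiling division: a partial last bin still counts
    counts = [0] * n_bins
    for f in flows:
        ts = f["timestamp"]
        if f["ip_src_addr"] != src or f["ip_dst_addr"] != dst:
            continue
        if not (start_ms <= ts < now_ms):
            continue
        counts[(ts - start_ms) // bin_ms] += 1
    return [(start_ms + i * bin_ms, c) for i, c in enumerate(counts)]


def format_report(rows) -> str:
    """Render top_connections() output as 'IP(A) -> IP(B) : count' lines."""
    return "\n".join(f"{src} -> {dst} : {count}" for (src, dst), count in rows)


if __name__ == "__main__":
    rows = top_connections(SAMPLE_FLOWS, NOW_MS - 3 * HOUR_MS, NOW_MS)
    print(format_report(rows))
    # Follow-up view: take the top connection, 5-minute bins, 3 hours back.
    (src, dst), _ = rows[0]
    for bin_start, count in connection_histogram(SAMPLE_FLOWS, src, dst, 5, 3, NOW_MS):
        if count:
            print(f"bin starting {(NOW_MS - bin_start) // MINUTE_MS:>4} min ago: {count}")
```

In a Zeppelin notebook the same two views are a GROUP BY over (ip_src_addr, ip_dst_addr) ordered by count, and a GROUP BY over floor(timestamp / bin) filtered to the chosen pair; the part a plain GROUP BY does not give you is the zero-filled bins, which is why the histogram builds the full bin list up front. Applying the same reach-back window to both views keeps the table and the histogram consistent with each other.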